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(57) Membership ol a group of processors in a dis- 
tributed computing environment is managed Specific 
actions are identified and performed in order to manage 
the group membership. A processor requests to join the 
group of processors and thus, is added to the group 
Similarly, processors may request to leave the group or 



may fail and then are removed from the group The 
qroup of members also receives multicasts .nit.ated 
from one member of the group to other members of the 
group Add.t.onally each group of processors within a 
distributed computing environment has a group leader 
that controls the actions being performed for the group 
of members 
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Description 

TECHNICAL FIELD 

This invention relates, in general, to distributed 
computing environments and. in particular, to managing 
membership within a group of processors of a distribut- 
ed computing environment. 

BACKGROUND ART 

In typical computing systems, there is a predefined 
configuration in which a number of processors are de- 
fined. These processors may be active or inactive. Ac- 
tive processors receive applications to process and ex- 
ecute the applications in accordance with the system 
configuration. 

This predefined configuration is very inflexible as 
the processors are defined into the configuration in ad- 
vance and must stay in that configuration. 

DISCLOSURE OF THE INVENTION 

According to one aspect, the present invention pro- 
vides a method for joining a group of processors in a 
distributed computing environment, said method com- 
prising: requesting, by a processor, to join a group of 
processors, said group of processors executing related 
processes: and adding said processor to said group of 
processors. 

According to a preferred embodiment, the invention 
further comprising informing said group of processors 
of said join, and further comprising sending a message 
from one processor of said group of processors to any 
other processors of said group of processors. Prefera- 
bly, the invention further includes removing a processor 
from said group of processors, further preferably 
wherein said removing comprises deleting said proces- 
sor from a membership list of said group of processors, 
and/or further comprising informing said group of proc- 
essors of the removal of said processor and/or remov- 
ing said processor from said group of processors when 
said processor fails and/or when said processor re- 
quests to leave said group of processors 

According to a preferred embodiment said request- 
ing comprises providing a request to join said group of 
processors to a group leader processor of said group of 
processor and/or further wherein said adding further 
comprises informing, by said group leader processor 
any other processors of said group of processors of said 
join, and/or wherein said providing comprises locating 
said group leader processor via a name server, said 
name server comprising a processor of said distributed 
computing environment Preferably said name server 
is a member of said group of processors. In another em- 
bodiment, said name server is independent of said 
group of processors. According to another embodiment, 
said adding comprises updating a membership list of 
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said group of processors, preferably said membership 
list is located at each processor of said group of proc- 
essors and said updating comprises: informing each 
processor of said group of processors of said join: and 

5 updating said membership list by each processor 

According to a second aspect, the invention pro- 
vides a method for maintaining groups of processors in 
a distributed computing environment, said method com- 
prising: identifying a specified action to be taken for a 

io group of processors of said distributed computing envi- 
ronment, said group of processors including one or 
more member processors, each of said one or more 
member processors including a related process: and 
performing said specified action for said group of proc- 

15 essors 

Preferably, said specified action comprises one of 
the following: (a) insert, wherein a processor is request- 
ing to join said group of processors: (b) multicast, where- 
in one of said one or more member processors is re- 
questing to forward a message to any other member 
processors of said group of processors: (c) leave, 
wherein one of said one or more member processors is 
requesting to leave said group of processors: (d) re- 
move, wherein one member of said one or more mem- 
ber processors is removed from said group of proces- 
sors, when said one member fails: and (e) maintaining 
a group leader for said group of processors. 

According to third and fourth aspects, the invention 
also provides systems for carrying out the methods re- 
ferred to above, with respective means for carrying out 
the corresponding method steps. 

According to fifth and sixth aspects, the invention 
also provides computer program products stored on 
computer readable storage media for instructing com- 
puter systems to carry out the methods referred to 
above, such products having means for carrying out the 
corresponding method steps 

The group membership management technique of 
the present invention advantageously enables actions 
to be performed on a group basis. Each group includes 
processors that are each executing, for instance, a sin- 
gle Group Services daemon that takes part in imple- 
menting the group actions. The groups of processors 
are collectively referred to as a metagroup layer, which 
provides a simple mechanism for performing group ac- 
tions. 

Accordingly, the present invention allows a proces- 
sor to become a member of a group of processors, in 
which the group of processors execute related process- 
es That is, the invention enables actions to be per- 
formed on a group basis, allowing processors to request 
to become a member of a group The invention also al- 
lows a member of a processor group to leave the group 
or be removed from the group. Further the invention en- 
ables messages to be multicast to group members. 
Thus, the present invention makes the overall comput- 
ing system very flexible in terms of processor configu- 
rations. 
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According to a seventh aspect, the present inven- 
tion provides a method for recovering from a failed group 
leader of a group of processors of a distributed comput- 
ing environment, said method comprising steps of: ob- 
taining from a membership list ordered in sequence of 
joins of processors to said group of processors a next 
processor in said membership list: and selecting said 
next processor as a new group leader of said group of 
processors. 

Preferably, said obtaining step comprises obtaining 
a next active processor from said membership list. Pref- 
erably, said method includes a further step of informing 
said group of processors of said new group leader. Al- 
ternatively, the method involves requesting appointment 
of said new group leader from a name server said name 
server selecting said new group leader from said mem- 
bership list. Preferably, said membership list is located 
at each processor of said group of processors, and said 
obtaining step comprises obtaining, by a processor of 
said group of processors, said new group leader from 
said membership list at said processor, and further com- 
prising informing a name server of said new group lead- 
er Preferably, the method further comprising informing, 
by said name server, said group of processors of said 
new group leader 

Preferably, the method further comprising receiv- 
ing, by said new group leader prior to said new group 
leader being selected as said new group leader, any 
messages previously sent to said group of processors 
and providing, by said new group leader any messages 
missed by any processor of said group of processors. 
Preferably, the method further comprises sending re- 
quests to said new group leader 

According to an eighth aspect, the present invention 
provides a system for recovering from a failed group 
leader of a group of processors of a distributed comput- 
ing environment, said system comprising: a member- 
ship list ordered in sequence of joins of processors to 
said group of processors: and means for selecting a next 
processor from said membership list as a new group 
leader of said group of processors 

Preferably, said means for selecting comprises 
means for selecting a next active processor from said 
membership list. Preferably, the system further compris- 
ing means for informing said group of processors of said 
new group leader. Preferably, the system further com- 
prising a name server programmable to select said new 
group leader from said membership list. Preferably, said 
membership list is located at each processor of said 
group of processors and said means for selecting com- 
prises means for selecting, by a processor of said group 
of processors, said new group leader from said mem- 
bership list at said processor, and further comprising 
means for informing a name server of said new group 
leader. Further, comprising means for informing, by said 
name server, said group of processors of said new 
group leader. Preferably, said system further comprising 
means for receiving, by said new group leader, prior to 



said new group leader being selected as said new group 
leader, any messages previously sent to said group of 
processors and means for providing, by said new group 
leader any messages missed by any processor of said 
5 group of processors. Preferably said system further 
comprises means for sending requests to said new 

group leader. 

According to other aspects, the invention also pro- 
vides computer program products stored on computer- 

10 readable storage media for instructing computer sys- 
tems to carry out the method referred to above such 
products having program means for carrying out each 
respective method step. 

The group leader recovery mechanism of the 

is present invention provides a flexible technique for de- 
termining a new group leader, when the current group 
leader fails. It ensures that the members of the group 
are aware of the new group leader and can count on the 
group leader to control and manage the group. 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

The subject matter which is regarded as the inven- 
tion is particularly pointed out and distinctly claimed in 
25 the claims at the conclusion of the specification. The 
foregoing and other objects, features, and advantages 
of the invention will be apparent from the following de- 
tailed description taken in conjunction with the accom- 
panying drawings in which: 

30 

FIG. 1 depicts one example of a distributed comput- 
ing environment incorporating the principles of the 
present invention: 

35 FIG. 2 depicts one example of an expanded view of 
a number of the processing nodes of the distributed 
computing environment of FIG 1. in accordance 
with the principles of the present invention: 

40 FIG. 3 depicts one example of the components of a 
Group Services facility, in accordance with the prin- 
ciples of the present invention: 

FIG. 4 illustrates one example of a processor group. 
45 in accordance with the principles of the present in- 
vention: 

FIG. 5a depicts one example of the logic associated 
with recovering from a failed group leader of the 
50 processor group of FIG. 4. in accordance with the 
principles of the present invention: 

FIG. 5b depicts another example of the logic asso- 
ciated with recovering from a failed group leader of 
55 the processor group of FIG. 4, in accordance with 
the principles of the present invention: 

FIG. 6a illustrates one, example of a group leader, 
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in accordance with the principles of the present in- 
vention: 

FIG. 6b illustrates a technique for selecting a new 
group leader when the current group leader fails, in 5 
accordance with the principles of the present inven- 
tion: 

FIG. 7 depicts one example of a name server re- 
ceiving information from a group leader in accord- 10 
ance with the principles of the present invention: 

FIG. 8 depicts one example of the logic associated 
with adding a processor to a group of processors, 
in accordance with the principles of the present in- 15 
vention: 

FIG. 9 depicts one example of the logic associated 
with a processor leaving a group of processors, in 
accordance with the principles of the present inven- 20 

tion: 

FIG. 10 illustrates one embodiment of a process 
group, in accordance with the principles of the 
present invention: 25 

FIG. 11 depicts one example of the logic associated 
with proposing a protocol for a process group, in ac- 
cordance with the principles of the present inven- 
tion: 30 

FIG. 12 depicts one example of the logic associated 
with a process requesting to join a process group, 
in accordance with the principles of the present in- 
vention: and 35 

FIG. 1 3 depicts one example of the logic associated 
with a member of a process group requesting to 
leave the group, in accordance with the principles 
of the present invention. 40 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

In one embodiment, the techniques of the present 4 & 
invention are used in distributed computing environ- 
ments in order to provide multicomputer applications 
that are highly-available. Applications that are highly- 
available are able to continue to execute after a failure 
That is. the application is fault-tolerant and the integrity so 
of customer data is preserved. 

It is important in highly-available systems to be able 
to coordinate, manage and monitor changes to subsys- 
tems (e.g., process groups) running on processing 
nodes within the distributed computing environment. In 55 
accordance with the principles of the present invention, 
a facility is provided that implements the above func- 
tions. One example of such a facility is referred to herein 



as Group Services. 

Group Services is a system-wide, fault-tolerant and 
highly-available service that provides a facility for coor- 
dinating, managing and monitoring changes to a sub- 
system running on one or more processors of a distrib- 
uted computing environment. Group Services, through 
the techniques of the present invention, provides an in- 
tegrated framework for designing and implementing 
fault-tolerant subsystems and for providing consistent 
recovery of multiple subsystems. Group Services offers 
a simple programming model based on a small number 
of core concepts. These concepts include, in accord- 
ance with the principles of the present invention, a clus- 
terwide process group membership and synchroniza- 
tion service that maintains application specific informa- 
tion with each process group. 

As described above in one example, the mecha- 
nisms of the present invention are included in a Group 
Services facility. However, the mechanisms of the 
present invention can be used in or with various other 
facilities, and thus, Group Services is only one example. 
The use of the term Group Services to include the tech- 
niques of the present invention is for convenience only. 

In one embodiment, the mechanisms of the present 
invention are incorporated and used in a distributed 
computing environment, such as the one depicted in 
FIG 1 . In one example, distributed computing environ- 
ment 100 includes, for instance, a plurality of frames 102 
coupled to one another via a plurality of LAN gates 104. 
Frames 102 and LAN gates 104 are described in detail 
below. 

in one example, distributed computing environment 
100 includes eight (B) frames each of which includes a 
plurality of processing nodes 106. In one instance, each 
frame includes sixteen (16) processing nodes (a.k.a, 
processors) . Each processing node is : for instance, a 
RISC/6000 computer running AIX a UNIX based oper- 
ating system. Each processing node within a frame is 
coupled to the other processing nodes of the frame via, 
for example, an internal LAN connection. Additionally, 
each frame is coupled to the other frames via LAN gates 
104. 

As examples, each LAN gate 104 includes either a 
RISC/6000 computer, any computer network connec- 
tion to the LAN, or a network router. However, these are 
only examples. It will be apparent to those skilled in the 
relevant art that there are other types of LAN gates, and 
that other mechanisms can also be used to couple the 
frames to one another. 

In addition to the above the distributed computing 
environment of FIG. 1 is only one example. It is possible 
to have more or less than eight frames, or more or less 
than sixteen nodes per frame. Further, the processing 
nodes do not have to be RISC/6000 computers running 
AiX. Some or all of the processing nodes can include 
different types of computers and/or different operating 
systems. All of these variations are considered a part of 
the claimed invention 
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In one embodiment, a Group Services subsystem 
incorporating the mechanisms ot the present invention 
is distributed across a plurality of the processing nodes 
of distributed computing environment 100. In particular, 
in one example, a Group Services daemon 200 (FIG. 2) 
is located within one or more ot processing nodes 106. 
The Group Services daemons are collectively referred 
to as Group Services. 

Group Services facilitates for instance, communi- 
cation and synchronization between multiple processes 
of a process group, and can be used in a variety of sit- 
uations, including, for example, providing a distributed 
recovery synchronization mechanism. A process 202 
(FIG. 2) desirous of using the facilities of Group Services 
is coupled to a Group Services daemon 200. In partic- 
ular, the process is coupled to Group Services by linking 
at least a part of the code associated with Group Serv- 
ices (e.g., the library code) into its own code. In accord- 
ance with the principles of the present invention, this 
linkage enables the process to use the mechanisms of 
the present invention, as described in detail below 

In one embodiment, a process uses the mecha- 
nisms of the present invention via an application pro- 
gramming interface 204. In particular, the application 
programming interface provides an interface for the 
process to use the mechanisms of the present invention, 
which are included in Group Services, as one example. 
In one embodiment, Group Services 200 includes an in- 
ternal layer 302 (FIG. 3) and an external layer 304, each 
of which is described in detail below. 

In accordance with the principles of the present in- 
vention, internal layer 302 provides a limited set of func- 
tions for external layer 304. The limited set of functions 
of the internal layer can be used to build a richer and 
broader set of functions, which are implemented by the 
external layer and exported to the processes via the ap- 
plication programming interface. The internal layer of 
Group Services (also referred to as a metagroup layer) 
is concerned with the Group Services daemons, and not 
the processes (i.e., the client processes) coupled to the 
daemons. That is. the internal layer focuses its efforts 
on the processors, which include the daemons In one 
example, there is only one Group Services daemon on 
a processing node: however, a subset or all of the 
processing nodes within the distributed computing en- 
vironment can include Group Services daemons. 

The internal layer of Group Services implements 
functions on a per processor group basis. There may be 
a plurality of processor groups in the network Each 
processor group (also, referred to as a metagroup) in- 
cludes one or more processors having a G roup Services 
daemon executing thereon. The processors of a partic- 
ular group are related in that they are executing related 
processes. (In one example, processes that are related 
provide a common function.) For example, referring to 
FIG. 4, a Processor Group X (400) includes Processing 
Node 1 and Processing Node 2, since each of these 
nodes is executing a process X : but it does not include 



Processing Node 3. Thus. Processing Nodes 1 and 2 
are members of Processor Group X. A processing node 
can be a member of none or any number of processor 
groups, and processor groups can have one or more 
5 members in common. 

In order to become a member of a processor group, 
a processor needs to request to be a member of that 
group. In accordance with the principles of the present 
invention, a processor requests to become a member 
w of a particular processor group (e.g.. Processor Group. 
X) when a process related to that group (e.g.. Process 
X) requests to join a corresponding process group (e.g. . 
Process Group X) and the processor is not aware of that 
corresponding process group. Since the Group Servic- 
es es daemon on the processor handling the request to join 
a particular process group is not aware of the process 
group, it knows that it is not a member of the correspond- 
ing processor group. Thus, the processor asks to be- 
come a member, so that the process can become a 
20 member of the process group. (One technique for be- 
coming a member of a processor group is described in 
detail further below.) 

Internal layer 302 (FIG. 3) implements a number of 
functions on a per processor group basis. These func-. 
25 tions include, for example, maintenance of group lead- 
ers, insert, multicast, leave, and fail, each of which is 
described in detail below. 

In accordance with the principles of the present in- 
vention, a group leader is selected for each processor 
30 group of the network. In one example, the group leader 
is the first processor requesting to join a particular 
group. As described herein, the group leader is respon- 
sible for controlling activities associated with its proces- 
sor group(s). For example, if a processing node. Node 
35 2 (FIG. 4), is the first node to request to join Processor 
Group X. then Processing Node 2 is the group leader 
and is responsible for managing the activities of Proc- 
essor Group X. It is possible for Processing Node 2 to 
be the group leader of multiple processor groups. 
40 If the group leader is removed from the processor 
group for any reason, including, for instance, the proc- 
essor requests to leave the group, the processor fails or 
the Group Services daemon on the processor fails, then 
group leader recovery takes place. In particular a new 
45 group leader is selected, STEP 500a "SELECT NEW 
GROUP LEADER" (FIG. 5a). 

In one example, in order to select a new group lead- 
er, a membership list for the processor group, which is 
ordered in sequence of processors joining the group, is 
50 scanned, by one or more processors of the group, for 
the next processor in the list, STEP 502 "OBTAIN NEXT 
MEMBER IN MEMBERSHIP LIST** Thereafter, a deter- 
mination is made as to whether the processor obtained 
from the list is active, INQUIRY 504 "IS MEMBER AC- 
55 Tl VE?" In one embodiment, this is determined by anoth- 
er subsystem distributed across the processing nodes 
of the distributed computing environment The subsys- 
tem sends a signal to at least the nodes in the member- 
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ship list, and if there is no response from a particular 
node, it assumes the node is inactive. 

If the selected processor is not active, then the 
membership list is scanned, again until an active mem- 
ber is located. When an active processor is obtained 
from the list, then this processor is the new group leader 
for the processor group. STEP 506 "SELECTED MEM- 
BER IS NEW GROUP LEADER." 

For example, assume that three processing nodes 
joined Processor Group X in the following order: 

Processor 2. Processor 1 : and Processor 3. 

Thus. Processor 2 is the initial group leader (see 
FIG. 6a). At some time later. Processor 2 leaves Proc- 
essor Group X. and therefore, a new group leader is de- 
sired. According to the membership list for Processor 
Group X. Processor 1 is the next group leader. However 
if Processor 1 is inactive, then Processor 3 would be 
chosen to be the new group leader (FIG. 6b). 

In accordance with the principles of the present in- 
vention, in one example, the membership list is stored 
in memory of each of the processing nodes of the proc- 
essor group. Thus, in the above example. Processor 1 
Processor 2. and Processor 3 would all contain a copy 
of the membership list. In particular each processor to 
join the group receives a copy of the membership list 
from the current group leader. In another example, each 
processor to join the group receives the membership list 
from another member of the group other than the current 
group leader. 

Referring back to FIG. 5a, in one embodiment of the 
invention, once the new group leader is selected, the 
new group leader informs a name server that it is the 
new group leader STEP 508 "INFORM NAME SERV- 
ER. " As one example, a name server 700 (FIG. 7) is one 
of the processing nodes within the distributed computing 
environment designated to be the name server The 
name server serves as a central location for storing cer- 
tain information, including, for instance, a list of all of the 
processor groups of the network and a list of the group 
leaders for all of the processor groups. This information 
is stored in the memory of the name server processing 
node. The name server can be a processing node within 
the processor group or a processing node independent 
of the processor group. 

In one example, name server 700 is informed of the 
group leader change via a message sent from the Group 
Services daemon of the new group leader to the name 
server. Thereafter the name server then informs the 
other processors of the group of the new group leader 
via, for example, an atomic multicast, STEP 510 "IN- 
FORM OTHER MEMBERS OF THE GROUP" (FIG. 5a) 
(Multicasting is similar in function to broadcasting, how- 
ever, in multicasting the message is directed to a select- 
ed group, instead of being provided to all processors of 
a system. In one example, multicasting can be per- 
formed by providing software that takes the message 
and the list of intended recipients and performs point to 
point messaging to each intended recipient using, for 



example, a User Datagram Protocol (UDP) or a Trans- 
mission Control Protocol (TCP). In another embodi- 
ment, the message and list of intended recipients are 
passed to the underlying hardware communications. 
5 such as Ethernet, which will provide the multicasting 
function.) 

In another embodiment of the invention, a member 
of the group other than the new group leader informs 
the name server of the identity of the new group leader 
10 As a further example, the processors of the group are 
not explicitly informed of the new group leader, since 
each processor in the processor group has the mem- 
bership list and has determined for itself the new group 
leader. 

is In yet another embodiment of the invention, when 
a new group leader is needed, a request is sent to the 
name server requesting from the name server the iden- 
tity of the new group leader STEP 500b "REQUEST 
NEW GROUP LEADER FROM NAME SERVER" (FIG. 

20 5b). In this embodiment, the membership list is also lo- 
cated at the name server and the name server goes 
through the same steps described above for determin- 
ing the new group leader STEPS 502, 504 and 506. 
Once it is determined, the name server informs the other 

25 processors of the processor group of the new group 
leader STEP 510 "INFORM OTHER MEMBERS OF 
THE GROUP." 

In addition to the group leader maintenance func- 
tion implemented by the internal or metagroup layer an 

30 insert function is also implemented. The insert function 
is used when a Group Services daemon (i.e., a proces- 
sor executing the Group Services daemon) wishes to 
join a particular group of processors. As described 
above, a processor requests to be added to a particular 

35 processor group when a process executing on the proc- 
essor wishes to join a process group and the processor 
is unaware of the process group. 

In one example, in order to become a member of a 
processor group, the processor wishing to join the group 

40 first determines who is the group leader of the processor 
group. STEP 800 "DETERMINE GROUP LEADER" 
(FIG. 8). In one embodiment, the group leader is deter- 
mined by providing name server 700 with the name of 
the processor group and requesting from the name serv- 

^5 er the identity of the group leader for that group. 

Should the name server respond that the request- 
ing processor is the group leader (since this is the first 
request for the group). INQUIRY 801, the requesting 
processor forms the processor group, STEP 803 

50 "FORM GROUP " In particular it creates a membership 
list for that particular processor group, which includes 
the requesting processor. 

If the processor is not the group leader then it sends 
an insert request, via a message, to the group leader, 

55 the identity of which is obtained from the name server 
STEP 802 "SEND INSERT REQUEST TO GROUP 
LEADER." The group leader then adds the requesting 
processor to the processor group, STEP 804 "GROUP 



0 



6 



11 



EP 0 805 393 A2 



12 



LEADER INSERTS ^CESSO^^^ 

GROUP ■ in part.cu.ar m one |ts mem . 

Services daemon of the group leade upd 

b ersh,p list and informs, via a mu cas . ^ ^ 

Gr oup Services ^^S^ ,? 8 , located at 
,he joining processor to the mem 
tha t processor. In particular ^ ne ^ uRica8t . o, the 
,eader informs the other the update, and 

update, the daemons ^J^.^e change 
then the group leader sends out a comm ^ 

via another multicast. (In another ^ , ln 

torm ,ng can be performed via 

vention. a processor that is a Simi | arlo the m- 

gr ou P may request to leave the grou Sim 
Lrt request, a leave request is Jorwarc ed to _ g 

the processor group to also — 

"ZZZ^E^™*™*' Add,t ' 0na,,y 
MOVES PROCESSOH e ^ gfoup 

the leaving processor is the grc , p ^ 
fails, the processor is 'emove services 

member processors to do me same 
""""Libe, fusion rmpiemenred W « 

one-way multicasis, dt> wc 

CaS, '„ one embodiment in order io mui.icas. a message 
„„m one member o, a group io o.he, members olme 

,„ accordance with the principles of the present i 
vent on pnor to sending a message, the g^£ea£ 

sequence numbers are Kepi 



is sor group This is P 0SSIDIt; , th proc essor 

across all of the process." , nod so t P . 
group in a recoverable fashion There s no n 
cordance with the present invention, to store tne 

h for rpcoverv m persistent storage The tech 
^ «1 he p esennnvention eliminates the need for 
20 ^T,Z:Z^^ -rage for stor.ng re- 

25 rerr::^ ,t has a» C - ^s ^ by commun, 
cat ,ng with the processing , no es o ^ R ha£ 
embodiment once the group leao 

- " "ZS*^ Xon—messag- 
recovery from a fa.led processing node fa.led p 

Processor group maintains its own or- 
vention, each processor giu p mp .- aaes for one 

messaaes oi anomer processor group The processor 

JS °' ^ P or e ~" o,r rnvemron. .a* process- 

to another no messages are re- 

T 7b, a» ol me Processors ol .be group Once me 
S ° Tssage^ ' ece'ed b» ati ot tne processors, men 

" T^^E^U -de, tba, ,-o.ms 
It has seen (i.e.. the fast message in proper order). The 



13 



EP 0 805 393 A2 



14 



group leader collects this information, and when it sends 
a message to the processing nodes, it includes in the 
message the sequence number of the last message 
seen by all of the nodes. Thereafter, the processing 
nodes can delete those messages indicated as being 
seen. 

In accordance with the principles of the present in- 
vention, the multicast stream is advantageously qui- 
esced at certain times to insure all processor group 
members have received all of the messages. For exam- 
ple, the stream is quiesced when there have been no 
multicasts for a certain period of time or after some 
number of NoAckRequired (i.e., no acknowledgment re- 
quired) multicasts have been sent. In one embodiment, 
when the multicast stream is to be quiesced, the group 
leader sends out a SYNC multicast, which all processor 
group members acknowledge. When a processor group 
member receives such a message, it knows that it has 
(or should have) all of the messages, based on the se- 
quence number of the SYNC message. If it is missing 
any messages, it obtains the messages before acknowl- 
edging. When the group leader receives all of the ac- 
knowledgments to this multicast, it knows that all proc- 
essor group members have received all of the messag- 
es, and therefore, the multicast stream is synced and 
quiesced. 

In another embodiment of the invention, a specific 
SYNC multicast is not necessary Instead, one of the 
following techniques can be used to quiesce the multi- 
cast stream. As one example, a multicast requiring an 
acknowledgment can be sent from the group leader to 
the processors. When a processor receives a multicast 
that requires an acknowledgment, it sends the acknowl- 
edgment to the group leader. The acknowledgment con- 
tains the sequence number of the multicast it is acknowl- 
edging. The processors use this sequence number to 
determine if they are missing any messages. If so, they 
request the missing messages from the group leader 
as one example. After the group leader multicasts the 
ACKrequired message to all of the processors of the 
group and receives all of the acknowledgments, the 
group leader knows that the stream is quiesced. The 
non-group leader processors rely on the group leader 
to insure that they receive all the messages in a timely 
fashion, so they do not need to periodically acknowl- 
edge or ping the group leader to insure they have not 
missed a multicast. 

As a further example, in those situations in which 
NoAckRequired multicasts are being used, the group 
leader can alter one of the NoAckRequired multicasts 
into an AckRequired multicast, thus using it as a sync 
in the manner described above. Thus, no explicit SYNC 
message is required. 

In addition to the above, in another example, it is 
possible for the non-group leader processors to antici- 
pate the group leader's action, such that if the number 
of NoAckRequired messages approaches the window 
size (i.e., e.g., reaches a predetermined number such 



as five, in one example) or if a maximum idle time ap- 
proaches, the non-group leader processors can send an 
ACK to the group leader. The ACK provides to the group 
leader the highest sequence number multicast that each 
5 processor has received. If all of the non-group leader 
processors do this, then it is not necessary for the group 
leader to turn a NoAckRequired multicast into an Ack- 
Required multicast. Therefore, the group is not held up 
by waiting for all of the acknowledgments. 
10 Support for the above feature of the present inven-. 
tion is transparent to the users of Group Services (i.e . 
the processes). No explicit actions are necessary by the 
processes to implement this feature. Additionally, this 
support is available in the internal and external layers of 
75 Group Services. 

Referring back to FIG. 3. external layer 304 imple- 
ments a richer set of mechanisms of the application pro- 
gramming interface that is easy for the user (i.e.. the 
client processes) to understand. 
20 in one example, these mechanisms include an 
atomic multicast, a 2-phase commit, barrier synchroni- 
zation, process group membership, processor group 
membership, and process group state value, each of 
which is described below These mechanisms, as well 
25 as others, are unified, in accordance with the principles 
of the present invention, by the application programming 
interface, into a single, unified framework that is easy to 
understand. In particular, communications and synchro- 
nization mechanisms (in addition to other mechanisms) 
30 have been unified into a single protocol. 

In accordance with the principles of the present in^ 
vention. the single, unified framework is provided to 
members of process groups, as described in detail here- 
in. A process group includes one or more related proc- 
35 esses executing on one or more processing nodes of 
the distributed computing environment. For example, 
referring to FIG. 10. a Process Group X (1000) includes 
a Process X executing on Processor 1 and two Process 
X's executing on Processor 2. The manner in which a 
40 process becomes a member of a particular process 
group is described in detail further below. 

Process groups can have at least two types of mem- 
bers, including a provider and a subscriber. A provider 
is a member process that has certain privileges, such 
45 as voting rights, and a subscriber has no such privileges. 
A subscriber can merely watch the ongoings of a proc- 
ess-group, but cannot participate in the group. For ex- 
ample, a subscriber can monitor the membership of a 
group, as well as the state value of the group, but it can- 
50 not vote. In other embodiments, other types of members 
with differing rights can be provided. 

In accordance with the principles of the present in- 
vention, the application programming interface is imple- 
mented, as described below with reference to FIG 11 
55 Referring to FIG. 11 , in one example, initially, a pro- 
vider of a process group proposes a protocol for the 
group (subscribers cannot propose protocols, in this 
embodiment), STEP 1100 "MEMBER OF PROCESS 
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GROUP PROPOSES A PROTOCOL FOR THE 
GROUP." In particular in one instance, an API call is 
made proposing the protocol. In one example, the pro- 
tocol is submitted, by a process, to the external layer of 
the Group Services daemon on the processor executing 
the process. That Group Services daemon then submits 
the protocol to the group leader of the group via a mes- 
sage. The group leader then informs, via a multicast, all 
of the processors of the related processor group of the 
protocol. (The internal layer of the daemon is managing 
this multicast.) Those processors then inform the appro- 
priate members of the process group, via the external 
layer of the proposed protocol STEP 1102 "INFORM 
PROCESS GROUP MEMBERS OF THE PROTOCOL" 
If multiple providers propose a protocol at the same 
time, then the group leader selects the protocol to be 
run. in the following manner. In one embodiment, the 
protocols are prioritized in that any protocol for a failure 
is first, a join protocol is second, and all other protocols 
(e.g.. requests to leave, expel, update state value and 
provide a group message, described below) are on a 
first come first served basis. Thus, if a request to remove 
a member due to a failure is proposed at the same time 
as a request to join and a request to leave, then the re- 
quest to remove is selected first. Then, the request to 
join is selected, followed by the request to leave. 

If there are multiple requests to remove due to fail- 
ure, then all of these requests are selected prior to the 
request to join. The requests to remove are selected by 
the group leader in the order seen by the group leader 
(unless batching is allowed, as described below). Simi- 
larly, if there are multiple request to join, then these are 
selected in a likewise manner prior to any of the other 
requests. 

In one embodiment, if there are multiple other re- 
quests, the first one received by the group leader is se- 
lected and the others are dropped. The group leader in- 
forms the providers of those dropped requests that they 
have been dropped and then, they can resubmit them if 
they wish. In another embodiment of the invention, 
these other requests can be queued in order of receipt 
and selected in turn, instead of being dropped. 

After a protocol is selected, a determination is made 
as to whether voting should be performed for the proto- 
col, INQUIRY 1104 "VOTING?" In one example, the 
process proposing the protocol indicates during the ini- 
tial proposal whether voting is to take place. If the pro- 
posal indicates no voting, then the protocol is simply an 
atomic multicast, and the protocol is complete, STEP 
1106 "END." 

If voting is to take place, then each provider of the 
process group votes on the protocol, STEP 1108 
"PROCESS GROUP MEMBERS WITH VOTING PRIV- 
ILEGES VOTE." Specifically, in accordance with the 
principles of the present invention, the voting allows 
each provider to take local actions necessary to satisfy 
the group, and to inform the group of the results of those 
actions. This functions as a barrier synchronization 



primitive by ensuring that all providers have reached a 
particular point before proceeding. 

In one embodiment of the present invention, each 
provider votes by casting a vote value, which may m- 
5 dude one of the following, as an example: 



10 



15 



20 



(a) APPROVE specifying that the provider wishes 
to complete the protocol once all of the providers 
have reached this barrier, and to accept all the pro- 
posed changes; 

(b) CONTINUE specifying that the provider wishes 
to continue the protocol through another voting 
step, and proposed changes remain pending: and 

(c) REJECT specifying that the provider wishes to 
end this protocol once all the providers have 
reached this barrier, and to reject those proposed 
changes that can be rejected. 



In accordance with the principles of the present in- 
vention, each provider of the process group forwards its 
vote to the Group Services daemon executing on the 
same processor as the process The Group Services 
25 daemon then forwards the vote values it receives to the 
group leader for the metagroup associated with that 
process group. For instance, the vote values for Process 
Group X are forwarded to the group leader of Processor 
Group X. Based on the vote values, the group leader 
30 determines how the protocol should proceed. The group 
leader then multicasts the result of the voting to each of 
the processors of the appropriate processor group (i.e.. 
to the Group Services daemons on those processors), 
and the Group Services daemons inform the providers 
35 of the result value. For example, the group leader in- 
forms the Group Services daemons of Processor Group 
X and the Group Services daemons provide the result 
to the providers of Process Group X. 

If one of the providers voted CONTINUE and none 
40 of the providers voted REJECT INQUIRY 1110 "CON- 
TINUE VOTING^", then the protocol proceeds to anoth- 
er voting step, STEP 1108 That is, the providers are 
performing barrier synchronization with a dynamic 
number of synchronization phases. In particular, in ac- 
45 cordance with the principles of the present invention, the 
number of voting steps (or synchronization phases or 
points) that a protocol can have is dynamic. It can be 
any number of steps desired by the voting members. 
The protocol can continue as long as any provider wish- 
so es for the protocol to continue. Thus, in one embodi- 
ment, the voting dynamically controls the number of vot- 
ing steps. However in another embodiment, the dynam- 
ic number of voting steps can be set during the initiation 
of the protocol. It is still dynamic, since it can change 
55 each time the protocol is initialized. 

If the providers vote not to continue to another vot- 
ing step, then the protocol is a 2-phase commit. After 
the voting is complete (either for a two-phase or multi- 
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phase vote), the result of the vote is provided to the 
members. In particular should any one provider of the 
process group vote REJECT then the protocol ends and 
the proposed changes are rejected. Each of the provid- 
ers is informed, via a multicast, that the protocol has 
been rejected. STEP 1112 "INFORM MEMBERS OF 
COMPLETION OF PROTOCOL." On the other hand, if 
ail of the providers voted APPROVE, then the protocol 
is complete and all of the proposed changes are accept- 
ed. The providers are informed of the approved protocol, 
via a multicast. STEP 1112 "INFORM MEMBERS OF 
COMPLETION OF PROTOCOL." 

In accordance with the principles of the present in- 
vention, the above-described protocol is also integrated 
with process group membership and process group 
state values. In particular, the mechanisms of the 
present invention are used to manage and monitor 
membership changes to the process groups. Changes 
to group membership are proposed via the protocol de- 
scribed above. Additionally., the mechanisms of the 
present invention mediate changes to the group state 
value, and guarantee that it remains consistent and re- 
liable, as long as at least one process group member 
remains. 

A group state value for the process group acts as a 
synchronized blackboard for the process group. In one 
embodiment, the group state value is an application 
specific value controlled by the providers. The group 
state value is part of the group state data maintained for 
each process group by Group Services. In addition to 
the group state value, the group state data includes a 
provider membership list for that group. Each provider 
is identified by a provider identifier and the list is ordered 
by Group Services such that the oldest provider (the first 
provider joining the group) is at the head of the list, and 
the youngest is at the end. 

Changes to the group state value are proposed by 
group members (i.e., the providers) via the protocol de- 
scribed above. In one embodiment, the contents of the 
group state value are not interpreted by Group Services 
The meaning of the group state value is attached by the 
group members. The mechanisms of the present inven- 
tion guarantee that all process group members see the 
same sequence of changes to the group state values, 
and that all process group members will see the up- 
dates. 

Thus., as described above, the application program- 
ming interface of the present invention provides a single, 
unified protocol that includes a plurality of mechanisms 
including, for example, an atomic multicast, 2-phase 
commit, barrier synchronization, group membership 
and group state value. The manner in which the protocol 
is used for group membership and the group state value 
is described in further detail below. 

The voting mechanism described above is used, in 
accordance with the principles of the present invention, 
to propose changes to the membership of a process 
group. For instance, if a process wishes to join a partic- 



ular process group, such as Process Group X. then that 
process issues a pin call. STEP 1200 "INITIATE RE- 
QUEST TO JOIN" (FIG. 12) In one embodiment, this 
call is sent as a message across a local communications 

s path (e.g.. a UNIX domain socket) to the Group Services 
daemon on the processor executing the requesting 
process. The Group Services daemon sends a mes- 
sage to the name server asking the name server for the 
name of the group leader for the process group that the 

10 requesting process wishes to join. STEP 1202 "DETER- 
MINE GROUP LEADER." 

If this is the first request to join the particular process 
group, then the name server informs the Group Services 
daemon that it is the group leader, INQUIRY 1204 

75 "Fl RST REQUEST TO JOIN'?". Thus, the processor cre- 
ates a processor group, as described above, and adds 
the process to the process group. STEP 1210 "ADD 
PROCESS." In particular, the process is added to a 
membership list for that process group. This member- 

20 ship list is maintained by Group Services, for example, 
as an ordered list. In one example, it is ordered in se- 
quence of joins. The first process to join is first in the 
list, and so forth. 

In accordance with the principles of the present in- 

25 vention. the first process to join a process group identi- 
fies a set of attributes for the group. These attributes are 
included as arguments in the pin call sent by the proc- 
ess. These attributes include, for instance, the group 
name, which is a unique identifier, and prespecified m- 

30 formation that defines to Group Services how the group 
wishes to manage various protocols. For instance, the 
attributes can include an indication of whether the proc- 
ess group will accept batched requests, as described 
below. Additionally, in another example, the attributes 

35 can include a client version number representing, for ex- 
ample, the software level of the programming in each 
provider. This will ensure that all group members are at 
the same level. The above-described attributes are only 
one example. Additional or different attributes can be 

io included without departing from the spirit of the claimed 
invention. 

Returning to INQUIRY 1 204 "FIRST REQUEST TO 
JOIN 9 ", if this is not the first request to pin. then the pin 
request is sent via a message to the group leader, des- 

•*s ignated by the name server STEP 1214 "SEND JOIN 
REQUEST TO GROUP LEADER." The group leader 
then performs a prescreenmg test. STEP 1216 "PRE- 
SCREEN " In particular, the group leader determines 
whether the attributes specified by the requesting proc- 

50 ess are the same as the attributes set by the first process 
of the group. If not. then the pin request is rejected. 

However, if the prescreen test is successful, then 
the providers of the process group are informed of the 
request via, for instance, a multicast from the group 

55 leader, and the providers vote on whether to allow the 
process to be added to the group. STEP 1220 "VOTE. 
" The voting takes place, as described above. The pro- 
viders can vote to continue the protocol and vote on this 
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join again, or they can vote to reject or approve the join. 
If one of the providers votes REJECT, then the join is 
terminated and the process is not added to the group, 
INQUIRY 1222 "SUCCESSFUL?". However, if all of the 
providers vote APPROVE, then the process is added to 
the group, STEP 1224 "ADD PROCESS." In particular 
the process is added to the end of the membership list 
for the group. Once the protocol is complete, the mem- 
bers of the group are notified of the result. In particular 
in one example, all of the members (including the pro- 
viders and subscribers) are notified when the process 
is added, but only the providers are notified when the 
protocol has been rejected. In another exampie. other 
types of members may also be notified, as deemed ap- 
propriate. 

Join requests are used by providers to join a proc- 
ess group, as described above. A provider is afforded 
certain benefits, such as voting rights. Processes can 
also subscribe to a process group, however, by issuing 
an API subscribe call (as opposed to a join call). A sub- 
scriber is provided the ability to monitor a particular proc- 
ess group, but not to participate in the group. 

When a subscribe call is issued, it is forwarded to 
the Group Services daemon on that processor and that 
Group Services daemon keeps track of it. If the Group 
Services daemon is not a part of the processor group, 
then it will become inserted into the group, as previously 
described. In one embodiment, there is no voting for the 
subscriber and other members of the group, including 
the providers and any other subscribers, are not aware 
of the subscriber A subscriber cannot subscribe to a 
process group that is not already created. 

Group membership can also be altered by a group 
member leaving or being removed from a group. In one 
example, a group member wishing to leave a group, 
sends a request to leave to the group leader in the man- 
ner described above. STEP 1300 "INITIATE REQUEST 
TO LEAVE" (FIG 13). The group leader sends a multi- 
cast to the providers requesting the providers to vote on 
the proposed change. STEP 1302 "VOTE." The vote 
takes place in the manner described above, and if ail of 
the providers vote APPROVE, INQUIRY 1 304. then the 
process is removed from the membership list for that 
process group. STEP 1 306 "REMOVE PROCESS/ and 
all of the group members are notified of the change. 
However, if one of the providers votes REJECT, then the 
process remains a part of the process group, the proto- 
col ts terminated, and the providers are notified of the 
rejected protocol. Of course, if none of the providers 
votes REJECT and any one of the providers votes CON- 
TINUE, then the protocol continues to another round of 
voting. 

A member of a group may leave the group involun- 
tarily when it is expelled from the group via an approved 
expel protocol proposed by another process of the 
group, or when the group member fails or the processor 
in which it is executing fails. The manner in which an 
expulsion is performed is the same as that described 



above for a member requesting to leave a group, except 
that the request is not initiated by a process wishing to 
leave, but instead by a process desiring to remove an- 
other process from the group 
5 Likewise, in one embodiment, the technique for re- 

moving a process when the process fails or when the 
processor executing the process fails, is similar to that 
technique used to remove a process requesting to 
leave. However instead of the process initiating a re- 
10 quest to leave, the request is initiated by Group Servic- 
es, as described below. 

In the case of a process failure, in one example, the 
group leader is informed of the failure by the Group 
Services daemon running on the processor of the failed 
is process. The Group Services daemon determines that 
the process has failed, when it detects that a stream 
socket (known to those skilled in the art) associated with 
the process has failed. The group leader then initiates 
the removal. 

20 in the case of a processor failure, the group leader 
detects this failure and initiates the request to remove. 
If it is the group leader that has failed, then group leader 
recovery is performed, as described herein, before the 
request is initiated. In one embodiment, the group leader 
25 is informed of the processor failure by a subsystem that 
is distributed across the processing nodes of the net- 
work. This subsystem sends out signals to all of the 
processing nodes and if the signal is not acknowledged 
by a particular node, that node is considered down (or 
30 failed). This information is then broadcast to Group 
Services. 

As described above, when a process wishes to join 
a group or a group member wishes to leave or is re- 
moved from the group, the group leader informs each 
35 of the group providers of the proposed change, so that 
the providers can vote on that change. In accordance 
with the principles of the present invention, these pro- 
posed membership changes can be presented to the 
group providers either singly (i.e., one proposed group 
40 membership change per protocol) or batched (i.e. , mul- 
tiple proposed group membership changes per proto- 
col). In the case of batched requests, the group leader 
collects the requests for a prespecified amount of time, 
as one exampie, and then presents to the group provid- 
es ers one or more batched requests. Specifically, one 
batched request is provided, which includes all of the 
join requests collected during that time, and another 
batched request is provided, which includes all of the 
leave or remove requests collected. In one embodiment, 
50 one batched request can only include all joins or all 
leaves (and removals), and not a combination of both. 
This is only one example. In other examples, it is pos- 
sible to combine both types of requests. 

When a batched request is forwarded to the group 
55 providers, the group providers vote on the entire 
batched request, as a whole. Thus, either the entire 
batch is accepted, continued or rejected. 

In accordance with the principles of the present in- 
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vention, each process group can determine whether it 
is willing to allow requests to be batched or not. Addi- 
tionally, each process group can determine whether 
some types of requests are allowed to be batched, while 
others are not. For instance, assume there are a number 
of process groups executing in the network. Process 
Group W can decide that it wants to receive batched 
requests for all types of requests, while Process Group 
X can independently decide that it wants to receive all 
requests serially. Additionally. Process Group Y can al- 
low batched request for only join requests, while Proc- 
ess Group Z allows batched requests only for leave or 
removal requests. Thus, the mechanisms of the present 
invention provide flexibility in how requests are present- 
ed and voted on. 

Although the system is flexible, there a number of 
rules that have been instituted in one embodiment of the 
invention to ensure consistent and reliable group mem- 
bership These rules include the following, as one ex- 
ample: 

1 . No group member can be shown to be failing and 
leaving the group before it has joined the group. 

2. No group member can be shown to be joining a 
group a second time, before its initial failure has 
been handled. 

3. Where a group has both requests to join, and has 
established members in a failed state, all of the 
failed members are dealt with (via one or more of 
the failure protocols) before any of the requests to 
join can be satisfied. 

4. All non-failed group providers, including those re- 
questing to join, see the same sequence of proto- 
cols and membership lists. 

Described above in detail is how the voting protocol 
of the present invention is used to manage group mem- 
bership. The voting protocol can also be used, however, 
to propose a group state value, in accordance with the 
principles of the present invention. In particular, during 
a voting phase, a provider of the process group can pro- 
pose to change the state value of the group, in addition 
to providing a vote value. This provides a mechanism to 
allow group providers to reflect group information relia- 
bly and consistently to other group members. In one ex- 
ample, the group state value (and other information, 
such as, a message, and an updated vote value, as de- 
scribed herein) is provided with the vote value via a vote 
interface that allows for various arguments to be pre- 
sented. 

For example, when a member joins or leaves the 
group, the group is driven through a multi-step protocol, 
as described above. During each voting step, the group 
members perform local actions to prepare for the new 
member, or to recover from the loss of the failed mem- 



ber. Based on the results of these local actions, tor in- 
stance, one or more of the providers may decide to mod- 
ify the group state value. In one example, the group state 
value can be "active." indicating that the process group 

5 is ready to accept service requests: "inactive." indicating 
that the process group is shutdown because, for in- 
stance, the group does not have enough members: or 
"suspend," indicating that the process group will accept 
requests, but is temporarily not processing the requests 

to Group Services guarantees that the updates to the 
group state value are coordinated, such that the group 
providers will see the same consistent value. If the pro- 
tocol is APPROVED, then the latest updated Droposed 
group state value is the new group state value If the 

75 protocol is REJECTED, then the group's state value re- 
mains as it was before the rejected protocol began ex- 
ecution. 

In accordance with the principles of the present in- 
vention, the voting protocol can also be used to multicast 

20 messages to the group members. For example, in ad- 
dition to providing a vote value, a provider can include 
a message that is to be forwarded to all other members 
of the process group. Unlike the group state value, this 
message is not persistent. Once it is shown to the group 

25 members. Group Services no longer keeps track of it 
However, Group Services does guarantee delivery to all 
non-failed group providers. 

The message can be used by a group provider, for 
instance, to forward significant information during the 

30 protocol that cannot be carried by the other responses 
within a vote. For example, it can be used to provide 
information that cannot be reflected in the provider's 
vote value or to provide information that does not need 
to be made persistent. In one example, it can inform the 

35 group members of a particular function to perform. 

In accordance with one embodiment of the present 
invention, each provider of a process group is expected 
to vote at a voting phase of a protocol Until all of the 
providers vote, the protocol remains uncompleted. 

io Thus, a mechanism is provided in the voting protocol, 
in accordance with the principles of the present inven- 
tion, in order to handle the situation in which one or more 
providers have not provided a vote. In particular the vot- 
ing mechanism includes a default vote value, which is 

^5 explained in detail below. 

As examples, a default vote value is used when a 
provider fails during the execution of the protocol or 
when the processor in which the provider is executing 
fails or if the provider becomes non-responsive, as de- 

so scribed herein. The default vote value guarantees for- 
ward progress for the protocol and for the process 
group. A process group initializes its default vote value 
when the group is first formed by. for example, its at- 
tributes. In one embodiment, the default vote value can 

55 either be APPROVE or REJECT. During each voting 
phase, the default vote value can be changed to reflect 
changing conditions within the group 

In the situation in which a process fails during the 
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protocol, Group Services determines this, as described 
above, and thus, at any voting phase for the protocol, 
the group leader will submit the group's current default 
vote for the failed process. Similarly, if Group Services 
determines that the processor executing a member pro- 
vider has failed, then the group leader once again sub- 
mits a default vote. 

If, however, a processor or process is available but 
non-responsive, then the default vote value can also be 
used. In one example, a process is deemed non-respon- 
sive when it does not respond to a vote within a time 
limit set by the process group for that protocol. (Each 
protocol for each process group can have its own time 
limit.) When the process is non-responsrve : the default 
vote value assigned to the process group is used by the 
group leader for this particular process. In one embod- 
iment, it is possible to have no time limit. In that situation, 
Group Services will wait until the provider eventually re- 
sponds or until it fails. 

In one embodiment, when a default vote is used, 
the providers are informed of this. 

In accordance with the principles of the present in- 
vention, a provider can dynamically update the default 
vote value at any one or more of the voting steps within 
the protocol. This allows flexibility in the handling of fail- 
ures, as the protocol progresses. The proposed default 
value is submitted along with the vote value of the proc- 
ess. The new default vote value remains in effect for the 
remainder of the protocol, unless another default vote 
value is proposed at a later voting step. If multiple default 
vote values are proposed at a particular voting step, 
then in one embodiment. Group Services (i.e. . the group 
leader) selects the value submitted by the first process 
to respond. Once the protocol is complete, the default 
vote value for the process group reverts back to the val- 
ue initially set for the group. 

A default vote value is treated in the same manner 
as any other vote value. However, default vote values 
cannot, in one embodiment, include other information 
for the vote, such as. for instance, a message, a group 
state value or a new proposed updated default vote val- 
ue. 

As described above with reference to FIG. 11 , all of 
the above-described proposed protocols can be pro- 
posed as one-phase protocols in which the protocol is 
proposed and accepted in one multicast. Therefore, it is 
not necessary to take a vote. 

Described in detail above are mechanisms for en- 
suring highly-available multicomputer applications. As 
one example, the mechanisms of the present invention 
can be used for providing a fault-tolerant and highly- 
available system. The mechanisms of the present in- 
vention advantageously provide a general purpose fa- 
cility for coordinating, managing and monitoring chang- 
es to the state of process groups executing within the 
system. 

In accordance with the principles of the present in- 
vention, membership within processor groups and proc- 



ess groups can be dynamically updated, tn both cases, 
processors or processes can request to be added or re- 
moved from a group. The mechanisms of the present 
invention ensure that these changes are performed con- 

5 sistently and reliably 

Additionally, in accordance with the principles of the 
present invention, mechanisms are provided for ena- 
bling messages to be sent to one or more particular 
groups of processors, without having to send the mes- 

10 sages to alt of the processor groups. Each processor 
group has the ability to monitor and manage its own set 
of messages and for determining if one or more mes- 
sages has been missed. If a message has been missed, 
that message is then retrieved from another member of 

is the group There is no need to maintain stable storage 
for these messages. Each member of the group has the 
messages, and thus, can provide missing messages to 
other members. This advantageously reduces the costs 
of hardware. 

20 Further, in accordance with the principles of the 
present invention, mechanisms are provided for recov- 
ering from a failed group leader. These mechanisms en- 
sure that a new group leader is selected easily and ef- 
ficiently. 

25 The mechanisms of the present invention also pro- 
vide an application programming interface that unifies a 
number of protocols into one single, integrated frame- 
work for the processes. As one example, the integrated 
application programming interface provides a facility for 
30 communicating between members of process groups, 
as well as a facility for synchronizing processes of a 
process group. Additionally, the same interface provides 
a facility for dealing with membership changes to proc- 
ess groups, as well as changes to group state values. 
35 The application programming interface also in- 
cludes a mechanism that enables Group Services to 
monitor the responsiveness of the processes. This can 
be performed in a similar fashion as to a ping mecha- 
nism used in computer network communications. 
40 tn addition to the above, the mechanisms of the 
present invention provide a dynamic barrier synchroni- 
zation technique. In accordance with the principles of 
the present invention, the number of synchronization 
phases included in any one protocol is variable, and can 
45 be determined by the members voting on the protocol 
The mechanisms of the present invention can be 
included in one or more computer program products in- 
cluding computer useable media, tn which the media in- 
clude computer readable program code means for pro- 
so viding and facilitating the mechanisms of the present in- 
vention. The products can be included as part of a com- 
puter system or sold separately. 

The flow diagrams depicted herein are just exem- 
plary. There may be many variations to these diagrams 
55 or the steps described therein without departing from the 
spirit of the invention. For instance, the steps may be 
performed in a differing order, or steps may be added, 
deleted or modified. All of these variations are consid- 
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ered a part of the claimed invention. 

Although preferred embodiments have been depict- 
ed and described in detail herein, it will be apparent to 
those skilled in the relevant art that various modifica- 
tions, additions, substitutions and the like can be made 
without departing from the spirit of the invention and 
these are therefore considered to be within the scope of 
the invention as defined in the following claims. 

Claims 

1 . A method for joining a group of processors in a dis- 
tributed computing environment, said method com- 
prising the steps of: 

requesting, by a processor to join a group of 
processors, said group of processors executing 
related processes: and 

adding said processor to said group of proces- 
sors. 

2. A method for maintaining groups of processors in a 
distributed computing environment, said method 
comprising the steps of: 

identifying a specified action to be taken for a 
group of processors of said distributed comput- 
ing environment, said group of processors in- 
cluding one or more member processors, each 
of said one or more member processors includ- 
ing a related process: and 

performing said specified action for said group 
of processors. 

3. The method of claim 2. wherein said specified ac- 
tion is selected from the following list: 

(a) insert wherein a processor is requesting to 
join said group of processors: 

(b) multicast, wherein one of said one or more 
member processors is requesting to forward a 
message to any other member processors of 
said group of processors: 

(c) leave, wherein one of said one or more 
member processors is requesting to leave said 
group of processors: 

(d) remove, wherein one member of said one 
or more member processors is removed from 
said group of processors., when said one mem- 
ber fails: and 

(e) maintaining a group leader for said group of 



processors. 

4. The method of any preceding claim wherein a 
group leader for said group of processors is main- 

5 tained. and said method being capable of recover- 

ing from a failed group leader by 

obtaining from a membership list ordered in se- 
quence of joins of processors to said group of 
10 processors a next processor in said member- 

ship list: and 

selecting said next processor as a new group 
leader of said group of processors. 

75 

5. A system for joining a group of processors in a dis- 
tributed computing environment said system com- 
prising: 

20 a processor programmable to request to join a 

group of processors said group of processors 
executing related processes: and 

means for adding said processor to said group 
25 of processors. 

6. A system for maintaining groups of processors in a 
distributed computing environment, said system 
comprising: 

30 

means for identifying a specified action to be 
taken for a group of processors of said distrib- 
uted computing environment, said group of 
processors including one or more member 
35 processors, each of said one or more member 

processors including a related process: and 

means for performing said specified action for 
said group of processors. 

40 

7. The system of claim 6. wherein said specified action 
is selected from the following list: 

(a) insert, wherein a processor is requesting to 
45 join said group of processors: 

(b) multicast, wherein one of said one or more 
member processors is requesting to forward a 
message to any other member processors of 

50 said group of processors: 

(c) leave, wherein one of said one or more 
member processors is requesting to leave said 
group of processors: 

55 

(d) remove, wherein one member of said one 
or more member processors is removed from 
said group of processors, when said one mem- 
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ber fails: and 

( e) maintaining a group leader for said group of 
processors. 

The system of any preceding claim, where.n a 
qroup leader for said group of processors is mam- 
red and said system being capable of recover 
ing from a failed group leader by inciting the fur 
ther elements 

means for obtaining from a membership list or- 
dered in sequence of joins of processors to sa.d 
group of processors a next processor .n sa.d 
membership list: and 

means for selecting said next processor as a 
new group leader of said group of processors. 

A computer program product stored on a computer 
readable storage medium containing software code 
for performing the functions listed above .n any pre- 

ceding method claim 
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